MS3 Case Study

October 04, 2016

Wireless computer accessories, such as keyboards and mice, were invented to follow the trend of making cords “a thing of the past.” Desks and workspaces have a cleaner, more organized appearance with the use of these wireless accessories, and wireless mice, in particular, make it easier when using a laptop. However, the growing concern about security breaches has led researchers and security professionals to investigate other potential avenues that could be used to compromise corporate networks. Is it possible for hackers to use these wireless accessories in their data breaching methods?

Finding the Vulnerabilities

Bastille is a newer organization whose goal is to inform businesses of their own security risks, particularly via wireless access points. To do this, “Bastille safely and privately scans a corporation’s air space, giving security personnel visibility into every emitting device on a premise. As a result, companies can accurately quantify risk and mitigate threats.”

Bastille has performed plenty of research on wireless keyboards and mice to determine if these items can attract hackers, and these are the types of vulnerabilities they have found:

KeySniffer – Weak points in a company’s “non-Bluetooth wireless keyboards” that could allow hackers within 700 feet to track what the user is typing as unencrypted data, including credit/debit card numbers, passwords, usernames, and any other private information. Click here to learn more about which manufacturers and models have been proven affected.

MouseJack – Weak points found in most wireless, non-Bluetooth keyboards and mice that allow for hackers within 328 feet to control and transfermalware to the user’s computer. Click here to see which manufacturers and models have been proven affected.

CNET wrote an article on Bastille’s work and mentioned that they have yet to find security weak points among Bluetooth devices or devices using wireless USB connections that are not currently in use. Hackers can only gain access to your wireless mouse or keyboard if the signal is being received by the USB piece connected to the computer.

CNET also mentioned that manufacturers, such as Lenovo, Logitech, and Dell, are willing to exchange customers’ affected devices for upgraded, safer ones, and some manufacturers have even taken the initiative to research their products to be able to provide safer products across their wireless keyboard and mouse lines.

Security Solutions

While some devices have been found to have security risks, it’s important to upgrade these items if you are using any of the affected models. This will eliminate the risk as data sent from these wireless devices to your computer will be encrypted. And, if your organization has concern about using these wireless devices, good, old fashioned, corded keyboards and mice don’t pose a security risk.

You can also receive research alerts from Bastille and stay up-to-date regarding wireless devices and their, if any, security risks by clicking here and entering your email at the bottom of the page.

How does your organization manage the risk of these potential threats?